As the global crypto economy continues to flourish, With Bitcoin (BTC) currently occupying the region at $ 15,500, doubts remain about the overall security of digital assets, especially after a recent scam that targeted hackers with a phishing email user on a fake ledger website . Various reports say that the victims of 1,150,000 XRP worth approximately $ 290,000 were defrauded.
Dave Jevans, CEO of blockchain intelligence agency CipherTrace and President of the Anti-Phishing Working Group, told Cointelegraph: “Clearly, Ledger should have a more aggressive strategy of defensive domain acquisition, as phishers used similar domains to deceive Ledger users“He went on to explain that an illegal fund-raising program involved the use of a homoglyph in the company’s official URL, in this case a letter that looked like the letter” e.
“The phishing scams were likely the result of emails posted due to a breach of the ecommerce / marketing team. Part of Ledger’s ecommerce and marketing database was owned by an unauthorized third party accessed via a API key “.
In early July this year, the Ledger team announced that it was a data breach that compromised nearly a million email addresses along with a subset of personal information. of 9,500 customers. Additionally, in 2018, scammers were able to create a copy of the Binance website (with an SSL certificate) that remained active for some time before being removed.
Finally, in March, some criminals managed to get 1.4 million XRP tokens using a Google Chrome extension that reproduced Ledger’s image. In fact, the extension was available on the Google App Store for almost a month. Speaking about the various security protocols the company employs, a Ledger spokesperson told Cointelegraph:
“Ledger has its own attack lab, Ledger Donjon, where security experts try to hack and test our own solutions, those of our partners, and those of our competitors. In addition, Ledger regularly conducts penetration tests.”
Are customers also responsible?
It goes without saying that wallet operators need to keep up to date with the latest developments in protecting their customers’ assets. Phishing attacks are common, however, not only in the crypto room, but also in any online service that involves a means of payment.
In this regard, Pavol Rusnák, co-founder and CTO of SatoshiLabs, the company behind the Trezor wallet, told Cointelegraph that it is of paramount importance for cryptocurrency owners to be careful and review any information they receive regarding their digital assets, be it from their wallet providers or from the internet in general.::
“If an email says you need to do something, you can always confirm it through the provider’s support or with other users on Reddit or Twitter. What providers can (and should) do is the likelihood of leaks Do not give your customer data to third parties and reduce the impact of such leaks by deleting your customer data after a certain period of time. “
Jevans shared a similar perspective, believing that customer security and privacy issues should be viewed through a “shared responsibility” lens.This means that both hardware wallet operators and owners of cryptocurrencies work synchronously with one another in order to ensure optimal security of their assets against threats from third parties.
Jevans encouraged users to take reasonable security measures to protect their worth and take responsibility for their actions by using practices based on the security of individual data, adding: “Provide two-factor authentication and never click a ledger link unless you’ve specifically requested a password reset. Users should always enter the URL themselves when visiting the ledger site directly“.
Cryptocurrency education remains crucial
Although cryptocurrencies are revolutionary in terms of design and technological potential, they are still a foreign word to most. However, by guaranteeing people’s monetary self-sovereignty, technology has also burdened them with a great deal of personal responsibility, especially with regard to individual financial security. Consequently, it stands to reason that companies in the blockchain and cryptocurrency space need to educate their users about the consequences of their security measures.
Rusnák believes the industry still has a long way to go when it comes to security. He pointed out that a number of companies operating in this field today tend to make great simplifications such as:Your coins are safe because your wallet has a secure element“, or,”Your coins are safe as our exchange is insuredHe added: “This does not help on the matter as people believe something that is not true and they remain defenseless.“”
Statistically, around 85% to 90% of cryptocurrency owners seem to fall victim to very frequent crypto theft systems, which, according to CipherTrace Cointelegraph, tend to be fake investment scams rather than phishing traps. Because of this, Jevans believes that it is best for the major hardware wallet operators to let their users know about their platforms what to look out for in phishing attempts, especially when these scams invoke the vendor’s name. wallet::
“Based on hundreds of cases of cryptocurrency theft and fraud, cryptocurrency users will have to be much more sophisticated in their personal security operations (SecOps) when deciding to keep their private keys. Many cryptocurrency crime victims do not know what to do when they do find out they were robbed. “
Wallet operators need to pioneer the industry
While companies like Ledger and Trezor have information about phishing and similar scam tactics on their websites, These pages are not easily accessible and are often buried in the troubleshooting FAQ sections. It is therefore reasonable to expect incumbent wallet providers to do more to provide customers with optimized access to quality education that focuses on security.
On this issue, Rusnák firmly believes that transparency and education are the keys to maximizing the security of one’s own resources. He believes that users can only be truly secure if they take the time to sit down and understand the fundamentals of crypto security and personal wallet security.
On a more technical level, he stated that the basic operational design of Trezor’s various wallet options is completely open and that the company is completely transparent about the various operational arrangements with its customers in order to avoid any legal currency issues. that can arise later: “It will take some time for every company in the crypto space to understand this, but it is also our job to demand transparency and openness from the service providers we use.“.